The dashboard widget uses a different database table from the logs and reports information, and is expected to have different outputs for specific situations.

Below is the workflow for Mobile Security for Enterprise detections.

1. When a malicious app is detected or when a device is connected to an untrusted network, it will write the detection data to two (2) separate database tables, one for the log reports and another for the dashboard widgets.
2. The malicious app will be displayed in the following locations on the web console:

   For malware detection:

   • On the dashboard, under Android/iOS Application Risk Summary
   • Under Detections > Suspicious Applications
   • Under Notifications & Reports > Log Query
   • Under Notifications & Reports > Reports

   For network detection:

   • On the dashboard, under Android/iOS Network Protection Summary
   • Under Notifications & Reports > Log Query
   • Under Notifications & Reports > Reports
3. The Logs and Reports both generate data from the application or network protection log report database table. This is a history file, so entries will always exist.
4. The Dashboard generates data from the application or network protection dashboard widget database table, wherein the entries will be deleted under certain events specified below:
   • If Mobile Security agent is uninstalled and/or unregistered from server
   • If the malicious app is deleted from the device
   • If the device is disconnected from the unsafe network and re-connected to a safe network

Hence, there will be some instances wherein the dashboard data will not match the logs and reports data since they are pulling information from different database tables. This is the expected behavior.

The dashboard serves as a real-time dectection summary page for your devices, while the logs and reports save all the detection history.

For more information about the specific database tables used, please contact Trend Micro Technical Support.